Solved: Action log of emails sent as trigger from alert

arrowecssupport · ‎08-09-2016

Where can i see the list of emails sent as a trigger action from an alert. Is this in the audit log or a log file on the cli?

inventsekar · ‎08-09-2016

when you create the alert, you can enable "Add to Triggered Alerts" action, so that, you can review all recently triggered alerts on the Triggered Alerts page.
http://docs.splunk.com/Documentation/Splunk/6.4.2/Alert/Triggeredalertaction
http://docs.splunk.com/Documentation/Splunk/6.4.2/Alert/Reviewtriggeredalerts

Details of triggered alerts are available for 24 hours by default.

updated -
this query will give us a list of alerts fired in last 1day -

index=_audit action=alert_fired earliest=-1d@d

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

inventsekar · ‎08-09-2016

when you create the alert, you can enable "Add to Triggered Alerts" action, so that, you can review all recently triggered alerts on the Triggered Alerts page.
http://docs.splunk.com/Documentation/Splunk/6.4.2/Alert/Triggeredalertaction
http://docs.splunk.com/Documentation/Splunk/6.4.2/Alert/Reviewtriggeredalerts

Details of triggered alerts are available for 24 hours by default.

updated -
this query will give us a list of alerts fired in last 1day -

index=_audit action=alert_fired earliest=-1d@d

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

Action log of emails sent as trigger from alert